-
Sat Sep 29 2018 Jack Vogel <jack.vogel@oracle.com> [4.1.12-124.19.7.el7uek]
- sunrpc: increase UNX_MAXNODENAME from 32 to __NEW_UTS_LEN bytes (Jeff Layton) [Orabug: 28660177]
- net: rds: Use address family to designate IPv4 or IPv6 addresses (Håkon Bugge) [Orabug: 28720071]
- net: rds: Fix blank at eol in af_rds.c (Håkon Bugge) [Orabug: 28720071]
-
Thu Sep 27 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.6.el7uek]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28709994] {CVE-2018-14634}
-
Tue Sep 25 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.5.el7uek]
- nsfs: mark dentry with DCACHE_RCUACCESS (Cong Wang) [Orabug: 28576290] {CVE-2018-5873}
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604628]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655409]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655409]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655409]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655409]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664501] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664577] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680213]
-
Tue Sep 18 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.4.el7uek]
- Revert "x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use" (Brian Maly) [Orabug: 28610707]
-
Tue Sep 18 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.3.el7uek]
- btrfs: fix check_shared for fiemap ioctl (Lu Fengqi) [Orabug: 24716710]
- x86/pti: Don't report XenPV as vulnerable (Jiri Kosina) [Orabug: 28476681]
- xfs: give all workqueues rescuer threads (Chris Mason) [Orabug: 28518694]
- x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use (Patrick Colp) [Orabug: 28274907]
-
Fri Sep 14 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.2.el7uek]
- tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: use an RB tree for ooo receive queue (Yaogong Wang) [Orabug: 28639707] {CVE-2018-5390}
- tcp: refine tcp_prune_ofo_queue() to not drop all packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: introduce tcp_under_memory_pressure() (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
- tcp: increment sk_drops for dropped rx packets (Eric Dumazet) [Orabug: 28639707] {CVE-2018-5390}
-
Wed Sep 05 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.19.1.el7uek]
- x86/entry/64: Ensure %ebx handling correct in xen_failsafe_callback (George Kennedy) [Orabug: 28402927] {CVE-2018-14678}
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488808] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488808] {CVE-2018-3620}
- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488808] {CVE-2018-3620}
- x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488808] {CVE-2018-3620}
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488808] {CVE-2018-3646}
- x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488808] {CVE-2018-3620}
- x86/microcode: Do not upload microcode if CPUs are offline (Ashok Raj) [Orabug: 28488808] {CVE-2018-3620}
-
Fri Aug 31 2018 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.18.9.el7uek]
- rebuild bumping release
-
Thu Aug 30 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.18.8.el7uek]
- Cipso: cipso_v4_optptr enter infinite loop (yujuan.qi) [Orabug: 28563992] {CVE-2018-10938}
- Btrfs: fix list_add corruption and soft lockups in fsync (Liu Bo) [Orabug: 28119834]
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474643] {CVE-2018-15594}
- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in sym_hipd.c (George Kennedy) [Orabug: 28481893]
- md/raid1: Avoid raid1 resync getting stuck (Jes Sorensen) [Orabug: 28529228]
- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. (Boris Ostrovsky) [Orabug: 28540376]
-
Tue Aug 21 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.18.7.el7uek]
- ext4: avoid deadlock when expanding inode size (Jan Kara) [Orabug: 25718971]
- ext4: properly align shifted xattrs when expanding inodes (Jan Kara) [Orabug: 25718971]
- ext4: fix xattr shifting when expanding inodes part 2 (Jan Kara) [Orabug: 25718971]
- ext4: fix xattr shifting when expanding inodes (Jan Kara) [Orabug: 25718971]
- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 27801171]
- nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28023821]
- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28023821]
- uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261886]
- ipmi: Remove smi_msg from waiting_rcv_msgs list before handle_one_recv_msg() (Junichi Nomura)
- x86/mce/AMD: Give a name to MCA bank 3 when accessed with legacy MSRs (Yazen Ghannam) [Orabug: 28416303]
- Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459477] {CVE-2018-13405}
- scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459685] {CVE-2018-10021}
- PCI: Allocate ATS struct during enumeration (Bjorn Helgaas) [Orabug: 28460092]